10 things IT professionals need to know about Ajax

Any new Web technology will affect a network infrastructure in different ways from unimportant things to stunning the world. Ajax is one of the new technologies being used extensively on networks today. To help you minimize your network surprises, we outline 10 issues to know about Ajax.

1. Ajax is an idea, not a phrase

Ajax, though clearly explained, stands for Asynchronous JavaScript and XML, but the full name is still not entirely appropriate because it simplifies the history of technology as well as the additional options included in the itself. More precisely, Ajax includes the idea that web applications can be built to choose from among the 'post-wait-repeat' loops used in server-side Web applications. Ajax allows web applications to move in a more seamless and flexible way, but the update increases. It provides users with a rich method and the ability to better interact with what's beneath the Web application. For this component, network experts must perform a lot of work in checking and monitoring the necessary security as well as the potential for network and server changes.

2. Really all according to JavaScript

Ajax applications are written in the JavaScript language and often rely on the XMLHttpRequest object to carry out communication, which will create its path through the World Wide Web. Like other Web technologies, Ajax technology is now just a special technology standard, striking differences can be found in additions to its various browsers. Ajax can use other data transmission mechanisms - with or without extensive support in IT - with Ajax applications, such as traditional frames and image-cookie methods as well as using binary bridges to associate with Flash or Java

Regardless of the transmission method used by the developer, Ajax has made JavaScript more important inside a web application than it did before. JavaScript now holds the role of collecting important data, communication and operations, so it can be considered as a second-class web technology without serious impacts.

Software developers believe that JavaScript technology is malicious and wants to avoid this language with a tool or framework that creates it from another language such as Java (Google Web Toolkit is an example), or the hidden code elements or tags (like with .Net or Ruby). Even so, JavaScript is still an application. Understanding this language and understanding it directly will help you a lot because if you want to use Ajax, you will use a lot of JavaScript.

3. No need for XML

Although there is an 'X' in Ajax's word group, it doesn't really need XML. The XMLHttpRequest object can transmit any text format. For many Ajax software developers, JavaScript object notation (JavaScript Object Notation) or even raw JavaScript code snippets also make a lot of sense as a data format, assuming JavaScript is the dominant environment. With direct input in documents, other software developers can use plain text or HTML fragments. There are still some other components that use such data formats as the little known YAML markup language.

Obviously possible and reasonable to use XML, Ajax is still not required. Using binary formats for uploading files is still not supported by the XMLHttpRequest object, but it is important to know that Flash uses a binary format called Action Message Format, so the same features so it will soon be available in Ajax applications. You should know which format is being used on the network because it is not always XML, and also ensure you can analyze the format for performance and security issues.

4. Plan for increasing HTTP requests

The most prominent problem for network administrators in supporting Ajax applications is that the architecture programming model has changed the problem of using network applications from web applications such as block processing, non-interconnected responses. hundreds of KBs to the change are continuous in smaller HTTP responses. This means that the Web and application servers can be much busier than before. What Ajax will do with your network and server depends on how the application is designed, make sure application developers understand the impact of their applications on the network. how.

5. Optimize Ajax requests with caution

Web applications should be associated with the distribution of the network, which is to send less data. This does not mean, however, that this principle needs to be widely followed by software developers. One advantage for the network, HTTP compression for Ajax responses can be reduced in size and supported in many modern browsers. However, because the compression of the compressed file is dynamic, the speed may not improve much if the responses are relatively small. This means that network administrators should allow compression on the Web server, but they need to understand that with Ajax applications, the performance of this is not as large as previous web applications.

In order to send less data, we will often use caching. Most Ajax implementations, however, may be hostile to caching with the assumption that browsers do not involve re-fetching URLs in the same session. Instead of working with caching, many Ajax developers use caching through header settings or unique URLs.

It is possible to target caching issues with the client Ajax Ajax cache written in JavaScript, but most Ajax libraries do not add such features. Network experts should introduce developers to the benefits of caching because Ajax may be more beneficial from this problem than compression.

6. Acknowledge about two-connection restrictions

Ajax applications are restricted by HTTP for two concurrent connections with the same URL. This is how the HTTP protocol is designed, unrestricted. However, many Ajax software developers are still slipping into a server by chance although Microsoft's Internet Explorer 8 is supported to go beyond these restrictions. Some of Ajax 'bad apps can be problematic and with browsers changing, network administrators need to capture the number of requests created and work with application developers to Avoid using designs such as long polls or help connections.

7. Consider the order of processing

For traditional web applications, TCP / IP communication influence (such as the lack of an HTTP response order will be received) is generally unnoticed. HTML documents are received before other objects and then it will trigger the request. Any request that occurs later activates a new document completely, thus ensuring the order. However, Ajax does not use such order identification, so the dependency of an application in the right order needs to be handled by a queue. The Ajax framework also does not consistently acknowledge this concern. Therefore, it is necessary to ensure that Ajax application developers understand this issue.

8. Acknowledge the influence of eliminating "Layer 8" error correction

In the past few years, users have overcome the quality of Web distribution by reloading the pages or the Back button. Simply put, users do so to help reduce network problems because errors often appear at times between page paint. However, with Ajax, the application error is not so obvious. Users often get errors about errors because the animated GIF rotation provides too little information about the correct state of the request.

Software developers are the most deadly because many libraries are not effective in acknowledging that these timeouts occur, retry times must appear, the server and the data errors are increasing. JavaScript diagnostics display communication and code errors rarely on the client side, so users often don't know. Therefore, it is necessary to have multiple application level checks required for administrators to support Ajax properly.

9. The old security threats appear a second time

If you listen to experts, Ajax can increase the attack surface but it is no less secure than traditional web application development environments because of the HTTP inputs to the trusted server. has the same headers, query strings and text body. However, if the client code is fully trusted and imported into non-blocking data in the web development team, Ajax can cause similar security problems as traditional web applications.

Cross-site scripting (XSS) is not a new hole in Ajax; it is a common error, especially if an application allows state data to be adjusted with JavaScript. HTML input should be disallowed in most cases and HTTP Only Cookies should be applied immediately to reduce cookie attacks and other attacks via XSS.

Also Cross Site Request Forgery is not a new error of Ajax, but if your application developers do not check the HTTP Referer (sic) header and manage sessions properly within Ajax applications, then can leave this problem vulnerable.

Hackers, like software developers, are very interested in using and abusing JavaScript, which adds to potential vulnerabilities. Network experts should make sure the software expert knows that client code can be changed, so the input data always needs to be filtered and reviewed.

10. Policy issues of the same origin

On the 'positive' side of security, JavaScript's same policies will still be valid in Ajax applications using XMLHttpRequest. This policy ensures that these scripts are not linked to external domains. From the point of view of software developers, this can be quite frustrating because it means that those pages are met, for example, from ajaxref.com cannot link to the URL hosted on www. ajaxref.com; even if it is on the same server, it is not the same domain. DNS equivalent no problem here; It is a string-check used by SOP.

SOP will interfere with the developers' ability to perform some Web service efforts on the client side. Obviously the best method is to use a proxy on the server to make requests to another server and combine the results. However, many Ajax software developers try to interrupt the same restrictions. The use